Uncover gaps in your Microsoft Identity Security.
Book an identity exposure gap analysis today.
Vectra AI Japan、ITR発行の最新レポート内「NDR市場」にて国内トップシェアを獲得
詳細を見る
Hamburger icon top line
Hamburger icon middle line
Hamburger icon bottom line
Threat actors
>
Ransomware Group

Pryx

Pryx is a new ransomware group that has recently emerged, claiming responsibility for significant cyber attacks on educational institutions.

Detect Pryx's TTPs
Is Your Organization Safe from Pryx Ransomware Attacks?
Background
Targets
TTPs
Detection
FAQs
Watch Threat Briefing

The origin of Pryx

Pryx has targeted Rowan College at Burlington County (RCBC.edu) and Rowan College, compromising their systems and stealing sensitive data. The group has announced the theft of 30,000 university applications, including a wide range of personal and academic information.

Source: GBhackers

The origin of Pryx
Targets

Pryx's targets

Countries targeted by Pryx

So far, Pryx ransomware has targeted victims primarily in the US, but it is still too early to determine whether they will confine their attacks to the US alone.

Industries targeted by Pryx

Pryx's first significant attack was against this educational institution, indicating a focus on targeting universities and colleges.

Industries targeted by Pryx

Pryx's first significant attack was against this educational institution, indicating a focus on targeting universities and colleges.

Pryx's victims

On July 3rd, Pryx compromised the systems of Rowan College at Burlington County, leading to the theft of 30,000 university applications.

Attack Method

Initial Access
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Collection
Execution
Exfiltration
Impact
A shadowy figure casting a wide net over a digital landscape filled with various devices such as computers, smartphones, and tablets. The net symbolizes the attacker's attempts to find vulnerabilities or use phishing techniques to gain unauthorized access.
A digital ladder extending upwards from a basic user icon towards a crown symbolizing administrative privileges. This represents the attacker's efforts to gain higher-level access within the system.
A chameleon blending into a digital background, with zeroes and ones flowing around it. This represents the attacker's ability to avoid detection by security measures, changing tactics to blend in with normal network traffic.
A thief with a lockpick toolkit working on a giant keyhole shaped like a login form, representing the attacker's efforts to steal user credentials to gain unauthorized access.
A magnifying glass moving over a digital map of a network, highlighting files, folders, and network connections. This image represents the phase where attackers explore the environment to understand the structure and where valuable data resides.
A series of interconnected nodes with a shadowy figure moving stealthily between them. This illustrates the attacker's movements within the network, seeking to gain control of additional systems or spread malware.
A large vacuum sucking up files, data icons, and folders into a bag held by a shadowy figure. This image symbolizes the process of gathering valuable data from the target network.
A command prompt window open in front of a digital background, with malicious code being typed out. This represents the phase where attackers execute their malicious payload within the compromised system.
A series of files being funneled through a covert channel out of a computer to a cloud labeled with a skull, symbolizing the unauthorized transfer of data to a location controlled by the attacker.
A cracked screen with a digital cityscape in chaos behind it, symbolizing the destructive impact of the cyberattack, such as service disruption, data destruction, or financial loss.
A shadowy figure casting a wide net over a digital landscape filled with various devices such as computers, smartphones, and tablets. The net symbolizes the attacker's attempts to find vulnerabilities or use phishing techniques to gain unauthorized access.
Initial Access
A digital ladder extending upwards from a basic user icon towards a crown symbolizing administrative privileges. This represents the attacker's efforts to gain higher-level access within the system.
Privilege Escalation
A chameleon blending into a digital background, with zeroes and ones flowing around it. This represents the attacker's ability to avoid detection by security measures, changing tactics to blend in with normal network traffic.
Defense Evasion
A thief with a lockpick toolkit working on a giant keyhole shaped like a login form, representing the attacker's efforts to steal user credentials to gain unauthorized access.
Credential Access
A magnifying glass moving over a digital map of a network, highlighting files, folders, and network connections. This image represents the phase where attackers explore the environment to understand the structure and where valuable data resides.
Discovery
A series of interconnected nodes with a shadowy figure moving stealthily between them. This illustrates the attacker's movements within the network, seeking to gain control of additional systems or spread malware.
Lateral Movement
A large vacuum sucking up files, data icons, and folders into a bag held by a shadowy figure. This image symbolizes the process of gathering valuable data from the target network.
Collection
A command prompt window open in front of a digital background, with malicious code being typed out. This represents the phase where attackers execute their malicious payload within the compromised system.
Execution
A series of files being funneled through a covert channel out of a computer to a cloud labeled with a skull, symbolizing the unauthorized transfer of data to a location controlled by the attacker.
Exfiltration
A cracked screen with a digital cityscape in chaos behind it, symbolizing the destructive impact of the cyberattack, such as service disruption, data destruction, or financial loss.
Impact
MITRE ATT&CK Mapping

TTPs used by Pryx

This list of TTPs is not exhaustive as we are still working to fully understand the behavior of Pryx ransomware; it will be updated regularly as we gather more information.

TA0001: Initial Access
T1566
Phishing
T1078
Valid Accounts
TA0002: Execution
No items found.
TA0003: Persistence
T1078
Valid Accounts
TA0004: Privilege Escalation
T1078
Valid Accounts
TA0005: Defense Evasion
T1078
Valid Accounts
TA0006: Credential Access
No items found.
TA0007: Discovery
No items found.
TA0008: Lateral Movement
No items found.
TA0009: Collection
No items found.
TA0011: Command and Control
No items found.
TA0010: Exfiltration
No items found.
TA0040: Impact
T1486
Data Encrypted for Impact
Platform Detections

How to Detect Pryx with Vectra AI

List of the Detections available in the Vectra AI Platform that would indicate a ransomware attack.

AWS Ransomware S3 Activity

M365 Ransomware

Ransomware File Activity

View more detections
Assess your attack exposure

FAQs

Is Your Organization Safe from Pryx Ransomware Attacks?

Assess your attack exposure